Hi all,

I opened an INFRA ticket to get us access to see the GitHub dependabot warnings. In order to see them, you need to link your GitHub and ASF accounts if you haven't done that yet - the link to do it is this: https://gitbox.apache.org/setup/

I also opened a PR <https://github.com/apache/datafu/pull/18> / Jira issue <https://issues.apache.org/jira/browse/DATAFU-160> which fixes/adds the GitHub "codeql" static code analysis to our project (and updates some libraries used in our web site). I don't know how useful codeql will be, but it can serve as an example for people to add other static code analysis tools - there are many on GitHub, you can see them in the "security" tab.

In order to make the codeql build work, I upgraded the Gradle version used in our wrapper - if someone else can take it and make sure a build looks OK for them that would be great. Another "future" task can be upgrading our Gradle further, since we're still years behind the current version.

Hope all of you are well,
Eyal